diff options
| author | jsing <> | 2017-08-09 15:52:27 +0000 |
|---|---|---|
| committer | jsing <> | 2017-08-09 15:52:27 +0000 |
| commit | 2e73556f60f82f8dd63b25cecc8a45638e40ae96 (patch) | |
| tree | 94dbb3a64ba10e5ed454090d06e0f59df28931e5 /src/lib | |
| parent | 897828878ba1ebc40c255d2b04fe4df8d6c521e4 (diff) | |
| download | openbsd-2e73556f60f82f8dd63b25cecc8a45638e40ae96.tar.gz openbsd-2e73556f60f82f8dd63b25cecc8a45638e40ae96.tar.bz2 openbsd-2e73556f60f82f8dd63b25cecc8a45638e40ae96.zip | |
Split more controls into individual functions.
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 155 |
1 files changed, 91 insertions, 64 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 274b2daf81..f9364a4e02 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.148 2017/08/09 15:25:27 jsing Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.149 2017/08/09 15:52:27 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1802,6 +1802,78 @@ _SSL_total_renegotiations(SSL *s) | |||
| 1802 | return S3I(s)->total_renegotiations; | 1802 | return S3I(s)->total_renegotiations; |
| 1803 | } | 1803 | } |
| 1804 | 1804 | ||
| 1805 | static int | ||
| 1806 | _SSL_set_tmp_dh(SSL *s, DH *dh) | ||
| 1807 | { | ||
| 1808 | DH *dh_tmp; | ||
| 1809 | |||
| 1810 | if (!ssl_cert_inst(&s->cert)) { | ||
| 1811 | SSLerror(s, ERR_R_MALLOC_FAILURE); | ||
| 1812 | return 0; | ||
| 1813 | } | ||
| 1814 | |||
| 1815 | if (dh == NULL) { | ||
| 1816 | SSLerror(s, ERR_R_PASSED_NULL_PARAMETER); | ||
| 1817 | return 0; | ||
| 1818 | } | ||
| 1819 | |||
| 1820 | if ((dh_tmp = DHparams_dup(dh)) == NULL) { | ||
| 1821 | SSLerror(s, ERR_R_DH_LIB); | ||
| 1822 | return 0; | ||
| 1823 | } | ||
| 1824 | |||
| 1825 | DH_free(s->cert->dh_tmp); | ||
| 1826 | s->cert->dh_tmp = dh_tmp; | ||
| 1827 | |||
| 1828 | return 1; | ||
| 1829 | } | ||
| 1830 | |||
| 1831 | static int | ||
| 1832 | _SSL_set_dh_auto(SSL *s, int state) | ||
| 1833 | { | ||
| 1834 | s->cert->dh_tmp_auto = state; | ||
| 1835 | return 1; | ||
| 1836 | } | ||
| 1837 | |||
| 1838 | static int | ||
| 1839 | _SSL_set_tmp_ecdh(SSL *s, EC_KEY *ecdh) | ||
| 1840 | { | ||
| 1841 | if (!ssl_cert_inst(&s->cert)) { | ||
| 1842 | SSLerror(s, ERR_R_MALLOC_FAILURE); | ||
| 1843 | return 0; | ||
| 1844 | } | ||
| 1845 | |||
| 1846 | if (ecdh == NULL) { | ||
| 1847 | SSLerror(s, ERR_R_PASSED_NULL_PARAMETER); | ||
| 1848 | return 0; | ||
| 1849 | } | ||
| 1850 | |||
| 1851 | if (!EC_KEY_up_ref(ecdh)) { | ||
| 1852 | SSLerror(s, ERR_R_ECDH_LIB); | ||
| 1853 | return 0; | ||
| 1854 | } | ||
| 1855 | |||
| 1856 | if (!(s->internal->options & SSL_OP_SINGLE_ECDH_USE)) { | ||
| 1857 | if (!EC_KEY_generate_key(ecdh)) { | ||
| 1858 | EC_KEY_free(ecdh); | ||
| 1859 | SSLerror(s, ERR_R_ECDH_LIB); | ||
| 1860 | return 0; | ||
| 1861 | } | ||
| 1862 | } | ||
| 1863 | |||
| 1864 | EC_KEY_free(s->cert->ecdh_tmp); | ||
| 1865 | s->cert->ecdh_tmp = ecdh; | ||
| 1866 | |||
| 1867 | return 1; | ||
| 1868 | } | ||
| 1869 | |||
| 1870 | static int | ||
| 1871 | _SSL_set_ecdh_auto(SSL *s, int state) | ||
| 1872 | { | ||
| 1873 | s->cert->ecdh_tmp_auto = state; | ||
| 1874 | return 1; | ||
| 1875 | } | ||
| 1876 | |||
| 1805 | int | 1877 | int |
| 1806 | SSL_set1_groups(SSL *s, const int *groups, size_t groups_len) | 1878 | SSL_set1_groups(SSL *s, const int *groups, size_t groups_len) |
| 1807 | { | 1879 | { |
| @@ -1821,13 +1893,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) | |||
| 1821 | { | 1893 | { |
| 1822 | int ret = 0; | 1894 | int ret = 0; |
| 1823 | 1895 | ||
| 1824 | if (cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_ECDH) { | ||
| 1825 | if (!ssl_cert_inst(&s->cert)) { | ||
| 1826 | SSLerror(s, ERR_R_MALLOC_FAILURE); | ||
| 1827 | return (0); | ||
| 1828 | } | ||
| 1829 | } | ||
| 1830 | |||
| 1831 | switch (cmd) { | 1896 | switch (cmd) { |
| 1832 | case SSL_CTRL_GET_SESSION_REUSED: | 1897 | case SSL_CTRL_GET_SESSION_REUSED: |
| 1833 | return _SSL_session_reused(s); | 1898 | return _SSL_session_reused(s); |
| @@ -1841,69 +1906,26 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) | |||
| 1841 | case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: | 1906 | case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: |
| 1842 | return _SSL_total_renegotiations(s); | 1907 | return _SSL_total_renegotiations(s); |
| 1843 | 1908 | ||
| 1844 | case SSL_CTRL_NEED_TMP_RSA: | ||
| 1845 | ret = 0; | ||
| 1846 | break; | ||
| 1847 | |||
| 1848 | case SSL_CTRL_SET_TMP_RSA: | ||
| 1849 | case SSL_CTRL_SET_TMP_RSA_CB: | ||
| 1850 | SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 1851 | break; | ||
| 1852 | case SSL_CTRL_SET_TMP_DH: | 1909 | case SSL_CTRL_SET_TMP_DH: |
| 1853 | { | 1910 | return _SSL_set_tmp_dh(s, (DH *)parg); |
| 1854 | DH *dh = (DH *)parg; | ||
| 1855 | if (dh == NULL) { | ||
| 1856 | SSLerror(s, ERR_R_PASSED_NULL_PARAMETER); | ||
| 1857 | return (ret); | ||
| 1858 | } | ||
| 1859 | if ((dh = DHparams_dup(dh)) == NULL) { | ||
| 1860 | SSLerror(s, ERR_R_DH_LIB); | ||
| 1861 | return (ret); | ||
| 1862 | } | ||
| 1863 | DH_free(s->cert->dh_tmp); | ||
| 1864 | s->cert->dh_tmp = dh; | ||
| 1865 | ret = 1; | ||
| 1866 | } | ||
| 1867 | break; | ||
| 1868 | 1911 | ||
| 1869 | case SSL_CTRL_SET_TMP_DH_CB: | 1912 | case SSL_CTRL_SET_TMP_DH_CB: |
| 1870 | SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 1913 | SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 1871 | return (ret); | 1914 | return 0; |
| 1872 | 1915 | ||
| 1873 | case SSL_CTRL_SET_DH_AUTO: | 1916 | case SSL_CTRL_SET_DH_AUTO: |
| 1874 | s->cert->dh_tmp_auto = larg; | 1917 | return _SSL_set_dh_auto(s, larg); |
| 1875 | return 1; | ||
| 1876 | 1918 | ||
| 1877 | case SSL_CTRL_SET_TMP_ECDH: | 1919 | case SSL_CTRL_SET_TMP_ECDH: |
| 1878 | { | 1920 | return _SSL_set_tmp_ecdh(s, (EC_KEY *)parg); |
| 1879 | EC_KEY *ecdh = NULL; | ||
| 1880 | |||
| 1881 | if (parg == NULL) { | ||
| 1882 | SSLerror(s, ERR_R_PASSED_NULL_PARAMETER); | ||
| 1883 | return (ret); | ||
| 1884 | } | ||
| 1885 | if (!EC_KEY_up_ref((EC_KEY *)parg)) { | ||
| 1886 | SSLerror(s, ERR_R_ECDH_LIB); | ||
| 1887 | return (ret); | ||
| 1888 | } | ||
| 1889 | ecdh = (EC_KEY *)parg; | ||
| 1890 | if (!(s->internal->options & SSL_OP_SINGLE_ECDH_USE)) { | ||
| 1891 | if (!EC_KEY_generate_key(ecdh)) { | ||
| 1892 | EC_KEY_free(ecdh); | ||
| 1893 | SSLerror(s, ERR_R_ECDH_LIB); | ||
| 1894 | return (ret); | ||
| 1895 | } | ||
| 1896 | } | ||
| 1897 | EC_KEY_free(s->cert->ecdh_tmp); | ||
| 1898 | s->cert->ecdh_tmp = ecdh; | ||
| 1899 | ret = 1; | ||
| 1900 | } | ||
| 1901 | break; | ||
| 1902 | 1921 | ||
| 1903 | case SSL_CTRL_SET_TMP_ECDH_CB: | 1922 | case SSL_CTRL_SET_TMP_ECDH_CB: |
| 1904 | SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 1923 | SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 1905 | return (0); | 1924 | return (0); |
| 1906 | 1925 | ||
| 1926 | case SSL_CTRL_SET_ECDH_AUTO: | ||
| 1927 | return _SSL_set_ecdh_auto(s, larg); | ||
| 1928 | |||
| 1907 | case SSL_CTRL_SET_TLSEXT_HOSTNAME: | 1929 | case SSL_CTRL_SET_TLSEXT_HOSTNAME: |
| 1908 | if (larg == TLSEXT_NAMETYPE_host_name) { | 1930 | if (larg == TLSEXT_NAMETYPE_host_name) { |
| 1909 | free(s->tlsext_hostname); | 1931 | free(s->tlsext_hostname); |
| @@ -1926,6 +1948,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) | |||
| 1926 | return 0; | 1948 | return 0; |
| 1927 | } | 1949 | } |
| 1928 | break; | 1950 | break; |
| 1951 | |||
| 1929 | case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: | 1952 | case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: |
| 1930 | s->internal->tlsext_debug_arg = parg; | 1953 | s->internal->tlsext_debug_arg = parg; |
| 1931 | ret = 1; | 1954 | ret = 1; |
| @@ -1967,11 +1990,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) | |||
| 1967 | ret = 1; | 1990 | ret = 1; |
| 1968 | break; | 1991 | break; |
| 1969 | 1992 | ||
| 1970 | case SSL_CTRL_SET_ECDH_AUTO: | ||
| 1971 | s->cert->ecdh_tmp_auto = larg; | ||
| 1972 | ret = 1; | ||
| 1973 | break; | ||
| 1974 | |||
| 1975 | case SSL_CTRL_SET_GROUPS: | 1993 | case SSL_CTRL_SET_GROUPS: |
| 1976 | return SSL_set1_groups(s, parg, larg); | 1994 | return SSL_set1_groups(s, parg, larg); |
| 1977 | 1995 | ||
| @@ -1993,7 +2011,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) | |||
| 1993 | return SSL_set_max_proto_version(s, larg); | 2011 | return SSL_set_max_proto_version(s, larg); |
| 1994 | 2012 | ||
| 1995 | /* | 2013 | /* |
| 1996 | * Legacy controls that should be removed. | 2014 | * Legacy controls that should eventually be removed. |
| 1997 | */ | 2015 | */ |
| 1998 | case SSL_CTRL_GET_CLIENT_CERT_REQUEST: | 2016 | case SSL_CTRL_GET_CLIENT_CERT_REQUEST: |
| 1999 | break; | 2017 | break; |
| @@ -2002,6 +2020,15 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) | |||
| 2002 | ret = (int)(s->s3->flags); | 2020 | ret = (int)(s->s3->flags); |
| 2003 | break; | 2021 | break; |
| 2004 | 2022 | ||
| 2023 | case SSL_CTRL_NEED_TMP_RSA: | ||
| 2024 | ret = 0; | ||
| 2025 | break; | ||
| 2026 | |||
| 2027 | case SSL_CTRL_SET_TMP_RSA: | ||
| 2028 | case SSL_CTRL_SET_TMP_RSA_CB: | ||
| 2029 | SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 2030 | break; | ||
| 2031 | |||
| 2005 | default: | 2032 | default: |
| 2006 | break; | 2033 | break; |
| 2007 | } | 2034 | } |